1. What can you share about your roadmap for including post-quantum cryptography (PQC) in your [ Product / Service ], such as a timeline for when PQC support will be available to customers for all quantum-vulnerable public key cryptography usage by your [ Product / Service ] ? 2. Will support for PQC in your [ Product / Service ] be made available through patches or updates under existing contracts and purchases? Q 3. Will your [ Product / Service ] require customers to replace existing hardware or make system architecture changes to support the PQC migration? 4. How will your [ Product / Service ] support cryptographic agility to allow flexible administration of configurations for planned cryptographic migration, or an unplanned and immediate migration to remediate a weakness in an algorithm? 5. What operational/configuration guidance will you be providing customers on how to migrate your [ Product / Service ] to utilize PQC? 6. Q6: When your [ Product / Service ] is updated to support PQC, will you ensure the cryptography is independently validated for implementation assurance, for example FIPS 140-3 certification under the Cryptographic Module Validation Program (CMVP)? 7. Are your 3rd party suppliers aware of and addressing the quantum computing threat, and are you evaluating how their PQC posture may impact your business operations and your customers? Note: Appendix E of the CFDIR Quantum-Readiness Best Practices v.03 provides questions an organization may use to assess the PQC posture of a third-party ^[https://ised-isde.canada.ca/site/spectrum-managementtelecommunications/sites/default/files/attachments/2023/cfdir-quantumreadiness-best-practices-v03.pdf].